Safari 7, introduced with OS X Mavericks, is now better protected against malware and poorly-written Flash code as Flash is finally sandboxed.

Sandboxing means that OS X restricts what the code can do, stopping a badly-written app from crashing the entire browser and preventing malware from getting access to any other part of your Mac. Flash has been sandboxed for some time in Chrome, Firefox and even Internet Explorer.

For the technically minded, this means that there is a specific com.macromedia.Flash Player.plugin.sb file defining the security permissions for Flash Player when it runs within the sandboxed plugin process. As you might expect, Flash Player’s capabilities to read and write files will be limited to only those locations it needs to function properly. The sandbox also limits Flash Player’s local connections to device resources and inter-process communication (IPC) channels. Finally, the sandbox limits Flash Player’s networking privileges to prevent unnecessary connection capabilities.

Safari users on OS X Mavericks can view Flash Player content while benefiting from these added security protections. We’d like to thank the Apple security team for working with us to deliver this solution.